Cyber Security – Once more unto the breach, dear friends, once more…

OK, so we might be stretching it a bit with the Shakespeare, it’s not even a quote from Macbeth! If you didn’t already know, the breach in question is the gap in the wall of the city of Harfleur, which the English army held under siege. These days, city walls don’t tend to get blown apart and besieged by evil infiltrators.

The modern-day breach is ever more frequently a digital one, attacking private corporations and governmental institutions alike. Henry V may well have put up a brave fight against a cyber hacker, but we doubt he would have had the data breach insurance cover in place in the event he lost the battle!

In the wake of the recent flurry around the General Data Protection Regulation (GDPR), awareness of what constitutes a cyber security breach, in the context of personal data at least, has increased, which can only be a good thing. Awareness and education are massive parts of the overall cyber security defence strategy when it comes to ensuring your business’s critical systems and valuable data are protected. A data breach can be defined as any activity that leads to personally identifiable information being accidentally or unlawfully destroyed, lost, altered, disclosed, or accessed without due authorisation. This includes breaches that are the result of both accidental and deliberate causes. However, a breach is about more than just losing personal data.

It’s not just about losing data and GDPR compliance

Any organisation that relies on any form of IT system to perform their business is at a cyber security risk. Businesses of all sizes are under constant attack, whether they know it or not. From a sophisticated, complex targeted effort to extort, right through to a lazy automated brute force attack on a website designed to cause disruption and annoyance, the threat is constant and for most it’s not a case of ‘if’ but ‘when’. There are many examples of the best security in the world not being enough to prevent a cyber security breach. Sophos recently had egg on their face when they claimed the NHS were “totally protected”. The WannaCry outbreak quickly proceeded to cripple parts of the National Health Service back in 2017. Sophos adjusted their marketing message accordingly!

If someone wants it enough, the chances are high they will eventually do some damage. The motives and desired outcomes of ‘hackers’ will vary, but ultimately the end result is to put you, and your business, in a position where you feel compelled to hand over some cold hard cash, or perhaps Bitcoin! A major data breach may well lead to the loss of jobs and major company devaluations. Cisco has created a neat dramatisation of the ‘Anatomy of an Attack’.

No One is Safe

We’re not in the business of scare tactics, but genuinely, all organisations that have a digital footprint and rely on an IT system to perform their day-to-day business are at risk, including us. It’s not the unenviable preserve of large financial (TSB) and healthcare (NHS) organisations to worry about a cyber security breach, spending hundreds of thousands, if not millions, on security. Hackers do not discriminate and will target businesses of all shapes and sizes.

There may be a tendency for smaller, professional service led businesses to assume their cyber security risk is reasonably limited. Whilst it might be true that the potential gains would be bigger by targeting the bigger fish, there are plenty of automated tools and tricks designed to take advantage of the smaller fish. Having an effective cyber security insurance policy in place will provide some peace of mind that should a serious cyber security breach occur, your business will be back up and running as quickly as possible, with the support of tech experts to identify the cause and help restore business as usual.

Don’t be held to Ransom

One of the most common types of cyber security threat is Ransomware, usually an .exe file attached to an email that once opened will infect the machine and encrypt all the files, making it impossible to access any of the information you need to do your job. Once on the network, particularly if the network has a vulnerability, the Ransomware can spread quickly throughout the organisation. Then the panic sets in!

It took just one day for the WannaCry ransomware to infect over 240,000 machines across 150 countries. As the name suggests, the ransomware will demand a ransom be paid in order for the decryption keys to be provided. Paying such a ransom is often a very tempting course of action when your entire business has ground to a halt and there are pressures on keeping your clients serviced (or patients alive!), but it’s rarely the best course of action to take. By paying up, you are confirming you have been hit and the hacker could sink their teeth in further. If you do get given the decryption keys they may not offer a complete fix, leaving you exposed to further extortion. The general rule is that you can’t trust the bad guys! It could be argued however that where lives are at risk, a decision is made to pay. Regardless, if you have a good backup solution, you shouldn’t need to pay a penny. You do have a backup solution, don’t you?! 😉 Or maybe just get your typewriter out!!

Be Kind Rewind

So unless you have lives at stake, paying to deal with Ransomware should always be the last resort. The first resort would be to call your cyber liability insurance provider, assuming you have an appropriate cyber liability policy covering you against damages caused by a cyber security breach. Next you should consider your disaster recovery process, a key part of which will be your backup routine. If you’ve been unfortunate enough to have already suffered such a ransomware attack, you’ll probably now have a disaster recovery plan in place, but for many who are yet to experience the pain of not being able to use their business systems, a disaster recovery plan absolutely needs to be in place. As a minimum you should consider the following:

Create a disaster recovery plan

Consider how a specialist cyber liability insurance policy would assist in the event of a serious cyber security breach

Identify what data you cannot operate without

Back that data up and ensure those backups are working

Ensure at least one copy of the backup is stored away from the network and away from the Ransomware

Treat the process as if you were planning for a system failure. If the hard drive in your laptop fails, what do you do? If you’re running a local server that 20 people need access to, and it fails, what do you do? If all of your company computers become infected with Ransomware, what do you do?

By not being able to restore business systems quickly and easily, a climate is created within which the criminals who propagate this Ransomware can thrive.

Cyber Liability Insurance

As mentioned earlier, many SMEs perhaps consider the risk of a serious cyber security incident to be minimal and as such do not see the need to invest in a specialist Cyber Liability insurance policy. We mentioned that we include ourselves as being at risk just as much as any other business, and as such have a dedicated cyber liability insurance policy in place.

In the event of a serious cyber security breach, the costs can start mounting up quickly. The cost of IT services to deal with the initial impact together with the cost of new hardware as required and efforts to recover the compromised data can all rack up in the first few days of a breach, with sums highly dependent on the nature of the business, but figures of £15,000 to £20,000 would not be uncommon. In the event that the data from the backup was not in fact recoverable, there may be further significant costs should the data need to be recreated, with costs potentially rising to hundreds of thousands.

Benefits of Cyber Liability Insurance Policy:

Provide cover for multiple cyber security incidents within the same policy period

Nil deductible, separate additional limits designed to protect the main policy limit from initial response costs

Immediate response 24/7/365

Cover for theft of money and fraud as the result of phishing scams, social engineering and telephone hacking

If an existing management liability policy doesn’t respond to a suit arising from a cyber security attack, our Cyber Liability policy will

Retroactive cover

System and Network repair costs including specialist consultants and staff overtime

Fines and Penalties (where insurable)

An underwriter of Cyber Liability Insurance will be keen to see organisations with a good level of IT security, established risk management principles and well defined access controls along with good staff awareness and training backed by good control of contractual protection from 3rd party service providers. Some form of cyber security accreditation or evidence of external testing would be desirable but not essential.

It’s not one size fits all, and with solutions designed for businesses of all shapes, sizes and industries we are able to provide access to cutting edge cyber cover whatever the requirement. If you understand the risks posed to your business, and would appreciate expert assistance in the event of a major cyber security breach, then call Adam Lawrence direct on 0118 916 5484, email via the ‘Author’ link below or complete our contact form at the top of the page.

Macbeth Insurance Brokers is a trading name of M S Macbeth Ltd, which is authorised and regulated by the Financial Conduct Authority, and registered in England and Wales No: 03408293.
Registered office: East House, 109 South Worple Way, London, SW14 8TN.